How would you find out about a problem in a Ruby Gem that isn't well known but that your application depends on? You could follow the Twitter stream of the author of every Gem you use. Good luck with that!

The most thorough way is to follow every relevant security update in the National Vulnerability Database (NVD) and work out which ones apply to your application. That sounds like a full-time job, and you have better things to do with your time.

Do you actually know every Ruby Gem your application uses? Not just the ones you explicitly added to the Gemfile, but the ones those Gems pulled in as dependencies of their own? Bundler does provide a file, Gemfile.lock, that records every Gem your application really runs with, pinned to an exact version, but have you ever opened it?
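As an added example (not code from the original post or from RubyAudit), here is how those two points fit together in plain Ruby: parse a Gemfile.lock to enumerate every Gem Bundler resolved, transitive ones included, and match them against a list of advisories using RubyGems' own version-requirement logic. The lockfile and the advisory list are constructed for the example; the advisory identifiers are placeholders and describe no real vulnerability.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Constructed Gemfile.lock (not taken from any real application). The Gemfile
# itself names only rails; actionpack and rack arrive as transitive dependencies.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (4.2.0)
        rack (~> 1.6)
      rack (1.6.0)
      rails (4.2.0)
        actionpack (= 4.2.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails (= 4.2.0)
LOCK

# Constructed advisories, not real ones: each names a gem and the version
# requirements under which the issue is fixed.
ADVISORIES = [
  { id: "ADVISORY-A", gem: "rack",     patched: [">= 1.6.2"] },
  { id: "ADVISORY-B", gem: "rails",    patched: ["~> 4.1.9", ">= 4.2.1"] },
  { id: "ADVISORY-C", gem: "nokogiri", patched: [">= 1.6.6"] },
].freeze

# Parse the lockfile into the gems Bundler actually resolved (name => version)
# and the names listed directly in the Gemfile. In the GEM/GIT/PATH sections a
# line indented by exactly four spaces is a resolved gem; six-space lines under
# it are its own dependency declarations and carry only requirements.
def parse_lockfile(text)
  resolved = {}
  direct = []
  section = nil
  text.each_line do |raw|
    line = raw.chomp
    next if line.empty?
    if line.match?(/\A[A-Z][A-Z ]*\z/)
      section = line # GEM, PLATFORMS, DEPENDENCIES, BUNDLED WITH, ...
    elsif %w[GEM GIT PATH].include?(section) && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      # drop a platform suffix such as "-x86_64-linux" before comparing versions
      resolved[m[1]] = Gem::Version.new(m[2].split("-", 2).first)
    elsif section == "DEPENDENCIES" && (m = line.match(/\A {2}([^\s!(]+)/))
      direct << m[1]
    end
  end
  { resolved: resolved, direct: direct }
end

# An advisory applies when the gem is in the lockfile and its locked version
# satisfies none of the patched requirements.
def vulnerable(resolved, advisories = ADVISORIES)
  advisories.select do |adv|
    version = resolved[adv[:gem]]
    version && adv[:patched].none? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
  end
end

if __FILE__ == $PROGRAM_NAME
  lock = parse_lockfile(LOCKFILE)
  puts "Gemfile lists #{lock[:direct].size} gem(s); Bundler resolved #{lock[:resolved].size}"
  vulnerable(lock[:resolved]).each do |adv|
    puts "#{adv[:id]}: #{adv[:gem]} #{lock[:resolved][adv[:gem]]} (fixed in #{adv[:patched].join(' or ')})"
  end
end
```

Run against this lockfile it reports one direct dependency but three resolved gems, and flags rack (which the Gemfile never mentions) as well as rails. Checking against the lockfile rather than the Gemfile is the whole point: the exact versions, and the Gems you never chose, are only recorded there.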

Do you only have one Ruby on Rails application? No, you have several. I don't know anyone who has only a single Rails application. All of the above problems multiply with the number of applications you maintain (even if you never change an app, if it is running in public, you are maintaining it!)

With these problems in mind, I’ve started development on a new SaaS application called RubyAudit.

Among the things RubyAudit will flag: vulnerabilities created by changing your application to use a different Gem version.

I am in the process of developing this application, and it should be available shortly. Sign up at RubyAudit for updates and to be among the first to get Gem vulnerability alerts for your Rails and other Ruby applications.

About the Author

Tom Fakes has been building applications with Ruby on Rails for seven years and is an expert on high-performance Rails applications.

Mr Fakes was previously the Chief Engineer and co-founder of Offbeat Creations, a social gaming company that used Ruby on Rails for all of its games, scaling them to hundreds of thousands of daily users. In other positions, Mr Fakes has built high-scale production applications for Loudeye, Inc and Microsoft.

Mr Fakes is now a consultant providing his expertise to make your Ruby on Rails applications scale. Get in touch now to start improving your customer experience, conversion rates and revenue.